Device registration system, device registration server, device registration method, device registration program, storage medium, and terminal device

ABSTRACT

In a device registration system, user authentication and device authentication of a CE device are executed in a single session, and the user and the CE device are associated with each other if these authentications succeed. The CE device obtains information for the user authentication from an IC card and a portable memory, and sends the information and device authentication information to a device registration unit. The device registration unit sends the information for the user authentication to a user authentication unit, and the device authentication information to a device authentication unit. The user authentication unit executes a user authentication process and sends information of the user to the device registration unit if the authentication succeeds. The device authentication unit executes a device authentication process and sends information of the device to the device registration unit if the authentication succeeds. The device registration unit associates the user information and the device information with each other.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority from Japanese Application No.2003-188142 filed Jun. 30, 2003, the disclosure of which is herebyincorporated by reference herein.

BACKGROUND OF THE INVENTION

The present invention relates to device registration systems and thelike. For example, the present invention relates to a deviceregistration system that associates a registered user with a registereddevice by authenticating the registered user and the registered devicewhile maintaining a logical connection.

Recently, consumer electronics (CE) devices are coming to be used morecommonly. CE devices are, for example, audio-visual devices such asvideo recorders, stereo sets, and television sets, household electricappliance products such as rice cookers and refrigerators, or otherelectronic devices that include computers so that services can be usedvia a network.

Thus, a CE device holds device authentication information for deviceauthentication. A service server that provides a service executes deviceauthentication before providing the service to the CE device.

Furthermore, by registering a user of the CE device in advance andassociating the user with the CE device owned by the user, a moresophisticated service can be provided suitably for the user.

Furthermore, by managing the association between users and CE devices,unauthorized use of CE devices can be prevented. This serves to enhancesecurity of the system.

As described above, the association between users and CE devices is animportant task for providing a service involving the CE devices.

Conventionally, for the purpose of such association, for example, a userwho has purchased a CE device enters a user ID on a card attached to theCE device (information identifying the CE device, such as the serialnumber of the CE device, is printed in advance on the card) and sendsthe card by mail to a registration center, or enters the necessaryinformation on a predetermined registration sheet at the shop where theuser purchased the CE device.

Furthermore, according to a product-information providing system andproduct-information providing method proposed in Japanese UnexaminedPatent Application Publication No. 2002-352059, a user who has purchaseda CE device or the like is registered online via a network.

According to the proposed art, user information is stored on a storagemedium such as an IC card, and a user who has newly purchased a productis registered using the information stored on the IC card.

However, the task of associating a user with a CE device, even if it isexecuted online, requires the user to enter information relating to theuser and information relating to the CE device. This has been a burdenfor the user.

Furthermore, for example, when the CE device is a small audio device orthe like, the capability of displaying text information or an input unitfor allowing input by a user is not necessarily adequate for enteringsuch information.

Furthermore, when user information is registered in advance and theinformation is read for registration, the user must enter userauthentication information such as a password. If the input is made viaa software keyboard or the like, the user authentication informationcould be guessed by a third party watching the input operation.

SUMMARY OF THE INVENTION

Accordingly, it is an object of the present invention to provide adevice registration system and the like that readily allows deviceregistration and updating of device registration by a user.

The present invention, in a first aspect thereof, provides a deviceregistration system including a terminal device storing deviceauthentication information; and a device registration unit. The terminaldevice includes an obtaining unit operable to obtain information foridentifying a user from an IC card; a confirming unit operable to obtaininformation confirming that the user is a registered user based on theuser identification information; and a sending unit operable to send theconfirmation information and the stored device authenticationinformation to the device registration unit while maintaining a logicalconnection with the device registration unit. The device registrationunit includes a user confirmation unit operable to receive theconfirmation information from the terminal device and to confirm thatthe user is a registered user based on the confirmation information; anobtaining unit operable to obtain a result of authentication of theterminal device based on the device authentication information receivedfrom the terminal device; and a storage unit operable to storeinformation that is unique to the user and information that is unique tothe terminal device in association with each other when the user hasbeen confirmed as a registered user and the terminal device has beenauthenticated.

The present invention, in a second aspect thereof, provides a deviceregistration server including an information receiving unit operable toreceive user confirmation information and device authenticationinformation from a terminal device while maintaining a logicalconnection with the terminal device, the user confirmation informationbeing usable to confirm that a user is a registered user, and the deviceauthentication information being usable to authenticate the terminaldevice; a user confirmation unit operable to confirm that the user is aregistered user based on the received user confirmation information; adevice-authentication-result obtaining unit operable to obtain a resultof authentication of the terminal device based on the deviceauthentication information; and a storage unit operable to storeinformation of the user and information of the terminal device inassociation with each other when the user has been confirmed as aregistered user and the terminal device has been authenticated.

The device registration server according to the second aspect may besuch that the user confirmation information includes user identificationinformation and password information, the device registration serverfurther including a user-authentication requesting unit operable torequest user authentication from a user authentication unit based on theuser identification information and the password information, and toobtain a result of the user authentication from the user authenticationunit, wherein the user confirmation unit confirms that the user is aregistered user based on the result of the user authentication.

The device registration server according to the second aspect may alsobe such that the user confirmation information is a result ofauthentication of the user, and the user confirmation unit confirms thatthe user is a registered user by confirming that the result of the userauthentication is correct.

The device registration server according to the second aspect mayfurther include a service providing unit operable to provide a serviceto the terminal device whose information has been stored by the storageunit; and a settlement-information obtaining unit operable to obtainsettlement information set in advance for the user; wherein the storageunit is operable to store information that is unique to the user,information that is unique to the device, and the obtained settlementinformation in association with each other, the stored settlementinformation being usable to settle a service charge for the providedservice.

The present invention, in a third aspect thereof, provides a deviceregistration method including receiving user confirmation informationand device authentication information from a terminal device whilemaintaining a logical connection with the terminal device, the userconfirmation information being usable to confirm that a user is aregistered user, and the device authentication information being usableto authenticate the terminal device; confirming that the user is aregistered user based on the user confirmation information; obtaining aresult of an authentication procedure for the terminal device, theauthentication procedure being based on the received deviceauthentication information; and storing information of the user andinformation of the terminal device in association with each other whenthe user has been confirmed as a registered user and the terminal devicehas been authenticated.

The device registration method according to the third aspect may be suchthat the user confirmation information includes user identificationinformation and password information, and the confirming step includesrequesting user authentication based on the user identificationinformation and the password information; obtaining a result of the userauthentication; and confirming that the user is a registered user basedon the result of the user authentication.

The device registration method according to the third aspect may also besuch that the user confirmation information is a result ofauthentication of the user, and the confirming step includes confirmingthat the user is a registered user by confirming that the result of theuser authentication is correct.

The device registration method according to the third aspect may furtherinclude providing a service to the terminal device whose information hasbeen stored in the storing step; and obtaining settlement informationset in advance for the user; wherein the storing step stores informationthat is unique to the user, information that is unique to the terminaldevice, and the obtained settlement information in association with eachother, the stored settlement information being usable to settle aservice charge for the provided service.

The present invention, in a fourth aspect thereof, provides a recordingmedium recorded with instructions for causing a computer to execute adevice registration method, the device registration method includingreceiving user confirmation information and device authenticationinformation from a terminal device while maintaining a logicalconnection with the terminal device, the user confirmation informationbeing usable to confirm that a user is a registered user, and the deviceauthentication information being usable to authenticate the terminaldevice; confirming that the user is a registered user based on thereceived user confirmation information; obtaining a result of anauthentication procedure for the terminal device, the authenticationprocedure being based on the received device authentication information;and storing information of the user and information of the terminaldevice in association with each other when the user has been confirmedas a registered user and the terminal device has been authenticated.

The recording medium according to the fourth aspect may be such that theuser confirmation information includes user identification informationand password information, and the confirming step includes requestinguser authentication based on the user identification information and thepassword information; obtaining a result of the user authentication; andconfirming that the user is a registered user based on the result of theuser authentication.

The recording medium according to the fourth aspect may also be suchthat the user confirmation information is a result of authentication ofthe user, and the confirming step includes confirming that the user is aregistered user by confirming that the result of the user authenticationis correct.

In the recording medium according to the fourth aspect, the deviceregistration method may further include providing a service to theterminal device whose information has been stored in the storing step;and obtaining settlement information set in advance for the user;wherein the storing step stores information that is unique to the user,information that is unique to the device, and the obtained settlementinformation in association with each other, and the stored settlementinformation is usable to settle a service charge for the providedservice.

The present invention, in a fifth aspect thereof, provides a system forperforming device registration, the system including a processoroperable to execute instructions; and instructions for performing adevice registration method, the method including receiving userconfirmation information and device authentication information from aterminal device while maintaining a logical connection with the terminaldevice, the user confirmation information being usable to confirm that auser is a registered user, and the device authentication informationbeing usable to authenticate the terminal device; confirming that theuser is a registered user based on the received user confirmationinformation; obtaining a result of an authentication procedure for theterminal device based on the received device authentication information;and storing information of the user and information of the terminaldevice in association with each other when the user has been confirmedas a registered user and the terminal device has been authenticated.

The present invention, in a sixth aspect thereof, provides a terminaldevice storing device authentication information, the terminal deviceincluding a user-identification-information obtaining unit operable toobtain information for identifying a user from an IC card; auser-confirmation-information obtaining unit operable to obtaininformation for confirming that the user is a registered user based onthe user identification information; and an information sending unitoperable to send the confirmation information and the stored deviceauthentication information to a device registration unit for storinginformation that is unique to the terminal device and information thatis unique to the user in association with each other while maintaining alogical connection with the device registration unit.

The terminal device according to the sixth aspect may further include apassword-information obtaining unit operable to obtain passwordinformation, wherein the confirmation information is composed using theuser identification information and the password information.

The terminal device according to the sixth aspect may further include apassword-information obtaining unit operable to obtain passwordinformation; and a user-authentication-result obtaining unit operable torequest user authentication from a user authentication unit based on theuser identification information and the password information, and toobtain a result of the user authentication from the user authenticationunit; wherein the obtained confirmation information includes the resultof the user authentication.

The present invention, in a seventh aspect thereof, provides a deviceregistration method including obtaining information for identifying auser from an IC card; obtaining information for confirming that the useris a registered user based on the user identification information; andsending the confirmation information and stored device authenticationinformation to a device registration unit for storing information thatis unique to the terminal device and information that is unique to theuser in association with each other while maintaining a logicalconnection with the device registration unit.

The device registration method according to the seventh aspect mayfurther include obtaining password information, wherein the obtainedconfirmation information is composed using the user identificationinformation and the password information.

The device registration method according to the seventh aspect mayfurther include obtaining password information; requesting userauthentication from a user authentication unit based on the useridentification information and the password information; and obtaining aresult of the user authentication from the user authentication unit;wherein the obtained confirmation information includes the result of theuser authentication.

The present invention, in an eighth aspect thereof, provides a recordingmedium recorded with instructions for causing a computer to execute adevice registration method, the device registration method includingobtaining information for identifying a user from an IC card; obtaininginformation for confirming that the user is a registered user based onthe user identification information; and sending the confirmationinformation and stored device authentication information to a deviceregistration unit for storing information that is unique to the terminaldevice and information that is unique to the user in association witheach other, while maintaining a logical connection with the deviceregistration unit.

The recording medium according to the eighth aspect may further includeobtaining password information, wherein the obtained confirmationinformation is composed using the user identification information andthe password information.

The recording medium according to the eighth aspect may further includeobtaining password information; requesting user authentication from auser authentication unit based on the user identification informationand the password information; and obtaining a result of the userauthentication from the user authentication unit; wherein the obtainedconfirmation information includes the result of the user authentication.

The present invention, in a ninth aspect thereof, provides a system forperforming device registration, the system including a processoroperable to execute instructions; and instructions for performing adevice registration method, the method including obtaining informationfor identifying a user from an IC card; obtaining information forconfirming that the user is a registered user based on the useridentification information; and sending the confirmation information andstored device authentication information to a device registration unitfor storing information that is unique to the terminal device andinformation that is unique to the user in association with each other,while maintaining a logical connection with the device registrationunit.

According to the present invention, a user is readily allowed toregister a device to a service or the like.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing an example of the configuration of a deviceregistration system according to an embodiment of the present invention;

FIGS. 2A to 2C are diagrams showing examples of various tables used inthe device registration system;

FIG. 3 is a flowchart for explaining a device registration procedure;

FIGS. 4A to 4D are diagrams showing examples of screens that aredisplayed during device registration;

FIG. 5 is a diagram showing an example of the hardware configuration ofa CE device;

FIG. 6 is a diagram showing a modification of a device-user associationtable;

FIG. 7 is a flowchart for explaining a first modification of the presentinvention;

FIG. 8 is a diagram showing an example of the configuration of a deviceregistration system according to a second modification of the presentinvention;

FIGS. 9A to 9C are diagrams showing examples of various tables used inthe second modification;

FIG. 10 is a diagram showing the configuration of a device registrationsystem according to a third modification of the present invention; and

FIGS. 11A and 11B are diagrams showing examples of various tables usedin the third modification.

DETAILED DESCRIPTION

Now, a preferred embodiment of the present invention will be describedin detail with reference to the drawings.

(1) Overview of the Preferred Embodiment

User authentication and device authentication of a CE device areexecuted in a single session, and the user and the CE device areassociated with each other if these authentications succeed. It isassumed herein that the user and the CE device have been registered inadvance to allow the authentications.

Referring to FIG. 1, a CE device 9 obtains information needed for userauthentication from an IC card 7 and a portable memory 6.

The CE device 9 holds device authentication information. The CE device 9sends the device authentication information and the information for userauthentication obtained from the IC card 7 and the memory 6 to a deviceregistration server 5.

The device registration server 5 sends the information for userauthentication to a user authentication server 2, and sends the deviceauthentication information to a device authentication server 3.

The user authentication server 2 executes user authentication, and sendsuser information relating to the user to the device registration server5 if the user authentication succeeds.

The device authentication server 3 executes device authentication, andsends device information relating to the device to the deviceregistration server 5 if the device authentication succeeds.

Then, the device registration server 5 receives the user information andthe device information, and associates the user information and thedevice information with each other.

The device registration server 5 executes the above operations in asingle session. Thus, it is ensured that the information for userauthentication and the device authentication information have both beentransmitted from the CE device 9. Therefore, the user and the CE device9 are associated correctly with each other.

Although all of the processing is executed in a single session in thisembodiment, the user and the CE device 9 can be associated correctlywith each other as long as at least the processing for receiving theinformation for user authentication and the processing for receiving thedevice authentication information are executed in a single session.

(2) Details of the Preferred Embodiment

FIG. 1 is a diagram showing an example of the configuration of a deviceregistration system 1 according to this embodiment. In the deviceregistration system 1, the user authentication server 2, the deviceauthentication server 3, the device registration server 5, and the CEdevice 9 are arranged so that these components can communicate with eachother via a network.

The CE device 9 is a terminal device that is capable of carrying outcommunications via a network. The CE device 9 holds a unique device IDfor distinguishing itself from other CE devices, and deviceauthentication information for executing device authentication. Thedevice ID and the device authentication information are embedded inadvance in the CE device 9 at the manufacturing factory or the like.

The device authentication information is generated, for example, bycombining the device ID and a passphrase (a long password or a keyshared with a server) or secret key information that is unique to thedevice.

The CE device 9 is, for example, a stereo set, a television set, a videorecorder, an air conditioner, a bath boiler, a lighting device, alavatory bowl, or various other electric products.

By implementing these devices as CE devices, for example, in the case ofa stereo set, a television set, or a video recorder, remote operationssuch as downloading content and reservation of recording are allowed. Inthe case of an air conditioner, a bath boiler, or a lighting device,remote operations such as turning the device on or off are allowed. Inthe case of a lavatory bowl, waste of a user can be sensed by a sensorand data can be sent to a healthcare server to check the medical statusof the user.

The CE device 9 includes a reader/writer that is capable of carrying outshort-range wireless communications with a contactless IC card to reador write data, and it is thus capable of carrying out wirelesscommunications with an IC card 7 that is a contactless IC card.Alternatively, a reader/writer may be provided externally to the CEdevice 9.

The CE device 9 also has a slot that allows the portable memory 6 to bemounted or removed, and it is capable of writing data to or reading datafrom the portable memory 6 mounted thereon.

Furthermore, the CE device 9 includes a display for displaying textinformation or images.

The IC card 7 includes a communication unit for carrying out wirelesscommunications with a reader/writer, a storage unit for storing data andprograms, and a calculating unit for executing calculations according tothe programs. The IC card 7 is driven by power received wirelessly froma reader/writer.

The IC card 7 stores a card ID that is unique identificationinformation, and it sends the card ID to the CE device 9 in response toa request from the CE device 9. The card ID is associated with a user IDand a password at the user authentication server 2, which will bedescribed later. Thus, the card ID serves as user identificationinformation for identifying a user.

In this embodiment, a contactless IC card is used as the IC card 7.However, without limitation to a contactless IC card, any device that iscapable of storing unique information associated with a user ID andproviding the information to the CE device 9, such as a contact IC cardor a magnetic card, may be used. Also, a cellular phone including acontactless communication device having the equivalent functions of acontactless IC card may be used.

Alternatively, information that is specific to a user, such as afingerprint or voiceprint of the user, may be associated with a user IDso that the CE device 9 can obtain the information.

The portable memory 6 is a semiconductor memory that is implemented in asmall size for portable use, and it is capable of storing various dataso as to allow reading and writing. The portable memory 6 can be mountedon other computer products such as a personal computer, as well as theCE device 9. The portable memory 6 is a non-volatile memory that holdsdata even when it is detached from these products.

The portable memory 6 stores in advance a memory ID that is unique IDinformation, such that the memory ID cannot be erased or changed, sothat the portable memory 6 can be identified by the memory ID.

Furthermore, in this embodiment, the portable memory 6 stores passwordinformation for identifying the password of a user, such that thepassword information can be read from the CE device 9.

The card ID and the password information are information for userauthentication that is obtained by the CE device 9 and that is used asuser confirmation information for identifying user authenticationinformation at the user authentication server 2.

In this embodiment, the CE device 9 obtains password information fromthe portable memory 6. Alternatively, a user may directly enter apassword to the CE device 9. Furthermore, the portable memory 6 need notbe used if all the information for user authentication is held in the ICcard 7 or if the possession of IC card 7 itself is used as a proof ofidentity.

The CE device 9 stores in advance connecting information for connectingto the device registration server 5, such as a uniform resource locator(URL), or stores connecting information provided by another server. Whenthe device is registered, the CE device 9 connects to the deviceregistration server 5, and sends information for user authenticationread from the IC card 7 and the portable memory 6 and a device ID anddevice authentication information embedded in the CE device 9 to thedevice registration server 5.

The user authentication server 2 is a server apparatus forauthenticating users who have been registered in advance. The userauthentication server 2 receives information for user authenticationfrom the CE device 9, executes user authentication using the informationfor user authentication, and sends a result of user authentication tothe CE device 9. Furthermore, if the user authentication succeeds, theuser authentication server 2 also sends user information to the deviceregistration server 5 together with the result of user authentication.

FIG. 2A is a diagram showing an example of a user authentication tablestored in the user authentication server 2.

As shown in FIG. 2A, in the user authentication table, a card ID of theIC card 7 owned by the user, a user ID and password information set bythe user, and user information entered by the user at the time of userregistration are stored such that these pieces of information areassociated with each other.

Of these pieces of information, the user information includes basicpersonal information such as a name, an address, a phone number, and ane-mail address, and also includes other information such as a date ofbirth, a business address, and hobbies. The user authentication server 2executes user authentication using the information recorded in the userauthentication table. In this embodiment, it is assumed that the user isregistered in advance in the user authentication server 2.

Using the user authentication table described above, the userauthentication server 2 executes user authentication in the followingmanner. First, based on a card ID received from the CE device 9, theuser authentication server 2 identifies password information that isuniquely associated with the user ID and the card ID.

Then, the user authentication server 2 receives password informationfrom the CE device 9 and identifies the password information, and checksmatching with the password information that has been identified earlier.If these pieces of password information match, the user authenticationsucceeds. On the other hand, if the pieces of password information donot match, the user authentication fails.

The password information that is received from the portable memory 6 is,for example, a memory ID. The memory ID may be associated with apassword in advance in the user authentication server 2, or an encryptedpassword may be decrypted in the user authentication server 2.

If the user directly enters a password to the CE device 9 instead ofusing the portable memory 6, the user authentication server 2 comparesthe password entered by the user with a password identified based on thecard ID.

Referring back to FIG. 1, the device authentication server 3 is a serverapparatus for executing device authentication of the CE device 9. Thedevice authentication server 3 receives device authenticationinformation from the CE device 9, executes device authentication, andsends a result of device authentication to the device authenticationserver 3. If the device authentication succeeds, the deviceauthentication server 3 sends device information of the CE device 9 tothe CE device 9 together with the result of device authentication.

The CE device 9 may be registered in advance prior to sales on themarket to allow device authentication with the CE device 9.Alternatively, the status of the CE device 9 may be changed by a user'soperation prior to the registration of a service to allow deviceauthentication by itself.

FIG. 2B is a diagram showing an example of a device authentication tablestored in the device authentication server 3.

In the device authentication table, a device ID that is ID informationfor identifying a device, device authentication information forexecuting device authentication, device information relating to thedevice, and a registration number or the like are associated with eachother.

The device information includes information relating to the CE device 9,for example, a product code, a serial number, a date of manufacture, andmanufacturer information.

The registration number is a number that is assigned when these piecesof information are uploaded to the device authentication server 3.

The device authentication server 3 described above receives a device IDand device authentication information from the CE device 9, and executesdevice authentication of the CE device 9 by comparing the device ID andthe device authentication information with information in the deviceauthentication table, by receiving a digest value generated from thedevice authentication information instead of the device authenticationitself and comparing the digest value, or by receiving a digitalsignature encrypted with a secret key of a public-key cryptosystem anddecrypting the digital signature with an associated public key forverification.

More specifically, the device authentication server 3 searches thedevice authentication table for the device ID and the deviceauthentication information received from the CE device 9. The deviceauthentication succeeds if the device ID and the device authenticationinformation found by the search are associated with each other, if adigest value generated from device authentication information associatedwith the device ID found by the search matches, or if verification ofsignature information using device authentication information associatedwith the device ID, i.e., using key information, succeeds.

On the other hand, if at least one of the device ID and the deviceauthentication information is absent in the device authentication table,or if the device ID and the device authentication are present but arenot associated with each other, the device authentication fails.

Referring back to FIG. 1, the device registration server 5 is a serverapparatus for associating a user with the CE device 9.

The device registration server 5 receives information for userauthentication, including a card ID and password information that serveas user confirmation information, and information for deviceauthentication, including a device ID and device authenticationinformation, from the CE device 9 by receiving means.

Then, the device registration server 5 sends the information for userauthentication to the user authentication server 2 to request userauthentication, and receives a result of user authentication and userinformation of the user from the user authentication server 2 in orderto confirm the user.

Furthermore, the device registration server 5 sends the information fordevice authentication to the device authentication server 3 to requestdevice authentication, and receives a result of device authenticationand device information of the CE device 9 from the device authenticationserver 3.

Then, the device registration server 5 stores the user information andthe device information such that these pieces of information areassociated with each other.

FIG. 2C is a diagram showing an example of a device-user associationtable generated by the device registration server 5. The device-userassociation table includes user information and device information, andthe device information is associated with the user information.

If a user owns a plurality of CE devices, a plurality of sets of deviceinformation are associated with the user information. Furthermore, eachtime a user newly purchases a CE device and registers the CE device oreach time a registration is cancelled, the device registration server 5updates the device-user association table.

The device registration server 5 executes all of the processing fromreceipt of a device registration request from the CE device 9 tocompletion of association between the user and the CE device 9 in asingle session. A session herein refers to a continuous logicalconnection in communication via a network.

Even if a communication circuit temporarily becomes disconnected due toa problem or the like, when the circuit has been recovered, for example,a session can be recovered using a one-time password, or information tobe transmitted is temporarily stored in the device so that a series ofexchanges of data over the network can be completed asynchronously withuser operations when the circuit has been recovered.

More specifically, when establishing a session, the device registrationserver 5 issues a one-time password to the CE device 9. When acommunication circuit becomes disconnected and is then recovered, the CEdevice 9 sends the one-time password to the device registration server5. Accordingly, the device registration server 5 is able to recognizethe CE device 9, so that the session can be resumed from the point wherethe session had become disconnected.

As described above, the device registration server 5 receivesinformation for user authentication and information for deviceauthentication from the CE device 9 in a single session. Thus, thedevice registration server 5 is able to confirm that the information foruser authentication is read and transmitted from the CE device 9.

Therefore, a user that has passed user authentication based oninformation for user authentication transmitted in a session and the CEdevice 9 that has passed device authentication based on information fordevice authentication transmitted in the same session are associatedwith each other. Accordingly, the user and the CE device 9 areassociated correctly with each other, so that spoofing or the like by athird party is prevented.

Thus, the user and the CE device 9 can be associated with each other byexecuting at least processing for receiving information for userauthentication and information for device authentication from the CEdevice 9 in a single session.

In this embodiment, if a session becomes disconnected in the middle forsome reason, the session is resumed from the beginning.

FIG. 3 is a flowchart for explaining the device registration procedure.

First, in step S2, the user connects the CE device 9 to a network, setsthe IC card 7 in the reader/writer of the CE device 9, and sends arequest for device registration to the device registration server 5.

Then, in step S10, the device registration server 5 sends a request foruser authentication to the CE device 9.

In step S4, the CE device 9 obtains a card ID from the IC card 7,obtains password information from the portable memory 6, and sends thecard ID and the password information to the device registration server5. Instead of using the portable memory 6, the user may enter a passworddirectly to the CE device 9.

In step S12, the device registration server 5 receives the card ID andthe password information from the CE device 9, and sends the card ID andthe password information to the user authentication server 2.

In step S30, the user authentication server 2 receives the card ID andthe password information from the CE device 9, and executes userauthentication. It is assumed herein that the user authenticationsucceeds.

Then, in step S32, the user authentication server 2 sends anauthentication result indicating successful user authentication and userinformation of the user to the device registration server 5.

In step S14, the device registration server 5 temporarily stores theuser information transmitted from the user authentication server 2, andissues a device authentication request to the CE device 9.

Then, in step S6, the CE device 9 reads a device ID and deviceauthentication information stored in advance in the CE device 9, andsends the device ID and the device authentication information to thedevice registration server 5.

In order to enhance security, the CE device 9 stores the deviceauthentication information in an encrypted form, and the CE device 9decrypts the device authentication information when sending it.

In step S16, the device registration server 5 receives the device ID andthe device authentication information from the CE device 9, and sendsthe device ID and the device authentication information to the deviceauthentication server 3.

In step S40, the device authentication server 3 receives the device IDand the device authentication information from the device registrationserver 5, and executes device authentication of the CE device 9. It isassumed herein that the device authentication succeeds.

In step S42, the device authentication server 3 sends a notification ofsuccessful device authentication and device information of the CE device9 to the device registration server 5.

In step S18, the device registration server 5 stores the deviceinformation received from the device authentication server 3 and theuser information that has been temporarily stored earlier in associationwith each other, thereby updating the device-user association table.

Then, in step S20, the device registration server 5 sends a notificationof completion of registration to the CE device 9.

In step S8, the CE device 9 receives the notification of completion ofregistration from the device registration server 5, and presents thenotification to the user.

The device registration process is completed by the procedure describedabove.

If the user authentication or the device authentication fails, thedevice registration server 5 sends a notification to that effect to theCE device 9.

Furthermore, before updating the device-user association table, thedevice registration server 5 may cause the CE device 9 to presentinformation relating to user information and device information inassociation with each other so that the user may confirm theinformation.

In this embodiment, the device registration server 5 requests the CEdevice 9 to send information for device authentication upon completionof user authentication. However, without limitation to the embodiment,for example, information for user authentication and information fordevice authentication may be received from the CE device 9 beforeexecuting user authentication and device authentication. Alternatively,device information may be executed before requesting userauthentication.

FIGS. 4A to 4D show examples of a series of screens that are displayedon the display of the CE device 9 during device registration.

After purchasing the CE device 9, the user selects a device registrationmode from a setup menu displayed on the CE device 9.

Then, the screen shown in FIG. 4A is displayed to prompt the user to setthe IC card 7 and the portable memory 6.

When the user has set the IC card 7 in the reader/writer of the CEdevice 9 and set the portable memory 6 in the slot for the portablememory, user authentication and device authentication start, and ascreen indicating that authentication is in progress is displayed, asshown in FIG. 4B.

When the user authentication and the device authentication have beencompleted, the device registration server 5 may send informationconfirming the content of the registration to the CE device 9. In thatcase, the user and the CE device 9 to be associated with each other aredisplayed on the CE device 9, as shown in FIG. 4C. The user selects“Yes” to accept the association or selects “No” to reject theassociation.

When the device registration has been completed, a notification ofcompletion of registration is displayed on the CE device 9, as shown inFIG. 4D.

FIG. 5 is a diagram showing an example of the hardware configuration ofthe CE device 9.

A central processing unit (CPU) 121 executes various processingaccording to programs stored in a read-only memory (ROM) 122 or programsloaded from a storage unit 128 into a random access memory (RAM) 123.The ROM 122 stores basic programs, parameters, and the like that areneeded for the operation of the CE device 9. The RAM 123 provides aworking area needed by the CPU 121 to execute various processing.

The storage unit 128 stores programs and data needed for the operationof the CE device 9. The storage unit 128 is implemented by a storagedevice such as a hard disk or a semiconductor memory. The device ID anddevice authentication information used for device authentication arestored in the storage unit 128. Furthermore, a program for connecting tothe device registration server 5 at the time of device registration andfor executing a device registration process is stored in the storageunit 128. Other programs stored in the storage unit 128 include anoperating system (OS) for achieving basic functions such as fileinput/output and control of the components of the CE device 9.

The CPU 121, the ROM 122, and the RAM 123 are connected to each othervia a bus 124. The bus 124 is also connected to an input/outputinterface 125.

The input/output interface 125 is connected to an input unit 126including a keyboard and a mouse, an output unit 127 including acathode-ray tube (CRT) display or a liquid crystal display (LCD) and aspeaker, the storage unit 128 implemented by a hard disk or the like,and a communication unit 129 implemented by a modem, a terminal adaptor,or the like. The input/output interface 125 is also connected to thereader/writer of the IC card 7, and to the slot for mounting theportable memory 6.

The communication unit 129 is a functional unit for carrying outcommunications via a network. For example, the communication unit 129connects to the device registration server 5 and intermediatescommunications between the CE device 9 and the device registrationserver 5.

Furthermore, the input/output interface 125 is connected to a drive 130as needed, on which a magnetic disk 141, an optical disk 142, amagneto-optical disk 143, a memory card 144, or the like is mounted asneeded, and a computer program read therefrom is installed on thestorage unit 128 as needed.

The configurations of the user authentication server 2 and the deviceauthentication server 3 are basically the same as the configuration ofthe CE device 9, so that descriptions thereof will be omitted.

The device registration server 5 in this embodiment associates userinformation with device information in the device-user associationtable. However, without limitation to the embodiment, informationidentifying a user and information identifying the CE device 9 may beassociated with each other by other methods.

FIG. 6 is a diagram showing an example of the device-user associationtable in which user IDs and device IDs are associated with each other.By associating device IDs with user IDs, a user can be associated withthe CE device 9.

In this embodiment, as an example, the user authentication server 2, thedevice authentication server 3, and the device registration server 5 areused in the device registration system 1. Alternatively, each of theserver apparatuses may be implemented by a system composed of aplurality of servers, or the functions of the three server apparatusesmay be implemented by a single server.

As described above, in this embodiment, customer information orsettlement information is identified by personal authentication using anIC card, and device authentication is also executed in the same session.Accordingly, registration of an owner of the CE device 9 or a deviceused for a specific service can be performed by a very intuitiveoperation without newly entering characters or the like.

The input device of the CE device 9 may be a jog dial, a slide switch,or the like, and it suffices for the output device to have thecapability of displaying one line.

Furthermore, a device may be registered not from a main unit of thedevice but by entering an encoded text string identifying an individualproduct using the numeric keys of a remote controller or the like.

In this embodiment, user authentication is executed using an IC card anda memory card storing password information. However, device registrationmay be implemented through user authentication and device authenticationusing an IC card without a memory card storing password information, anda personal identification number (PIN) that is entered for personalidentification to a device to be registered.

Furthermore, when a cellular phone including a contactless communicationdevice is used as described earlier instead of a contactless IC card,user authentication may be executed based on a PIN entered from thecellular phone.

Furthermore, by registering user information and the terminal ID of acellular phone registered by a user at a user authentication server,user authentication that identifies the user based on the terminal ID ofthe cellular phone is allowed. In that case, if the cellular phonesupports a function of infrared communications, the terminal ID can betransmitted from a device to be registered together with deviceauthentication information at the time of device authentication. Whenthe user is identified based on the terminal ID of the cellular phone,the terminal ID is used in combination with a PIN entered from thecellular phone for user authentication, allowing device registrationthrough device authentication.

In this embodiment, password information is input from the portablememory 6 of the CE device 9. Alternatively, for example, userauthentication may be executed using only the IC card 7 or the IC card 7and an identification number consisting of about four numeric digits.When user authentication is executed using only the IC card 7, the ICcard 7 is set to the reader/writer of the CE device 9, and the CE device9 is connected to the device registration server 5, whereby deviceregistration of the CE device 9 is allowed.

According to the embodiment described above, the following advantagesare achieved.

-   (1) Since the device registration server 5 receives information for    device registration and information for user registration from the    CE device 9 in a single session, the device registration server 5    can associate a user and the CE device 9 accurately with each other.-   (2) A user can register an association between the user and the CE    device 9 simply by setting the IC card 7 and the portable memory 6.-   (3) When the portable memory 6 is not used, an association between    the user and the CE device 9 can be registered simply by setting the    IC card 7 to the CE device 9 and entering a password to the CE    device 9.-   (4) The user need not enter information, or needs to input only a    password. Thus, the user can readily register the CE device 9 even    when the display capability of the CE device 9 is low.-   (5) The user need not enter information, or needs to enter only a    password. Thus, the user can readily register the CE device 9 even    when the text input capability of the CE device 9 is low.-   (6) Since the user and the CE device 9 are associated with each    other automatically via a network, manual operations are not needed,    so that registration can be executed quickly and at low cost.    First Modification

In a first modification, a user is associated with the CE device 9without passing information for user authentication to the deviceregistration server 5. This is because, since the device registrationserver 5 can be a server apparatus that provides a commercial servicemanaged by a third party, it is preferred not to pass information foruser authentication to the device registration server 5 in order toimprove security.

As described above, the device registration server 5 may be implementedas a service providing server that simply associates a user with the CEdevice 9 and provides a service to the CE device 9.

The network configuration of this modification is the same as that ofthe device registration system 1, so that description will be givenusing the same numerals for the corresponding components.

FIG. 7 is a flowchart for explaining the first modification.

First, in step S52, the CE device 9 issues a device registration requestto the device registration server 5.

Then, in step S70, the device registration server 5 issues a userauthentication request to the CE device 9.

Then, in step S54, the CE device 9 obtains a card ID from the IC card 7,obtains password information from the portable memory 6, and sends thesepieces of information for user authentication to the user authenticationserver 2.

In step S90, the user authentication server 2 receives the informationfor user authentication from the CE device 9, executes the userauthentication, and sends the result of the user authentication to theCE device 9. It is assumed herein that the user authentication succeeds.

In step S56, the CE device 9 receives the result of the userauthentication from the user authentication server 2, and sends (i.e.,redirects) the result of the user authentication to the deviceregistration server 5.

In step S72, the device registration server 5 receives the result of theuser authentication from the CE device 9, and requests that the userauthentication server 2 confirm that the result of the userauthentication is a result of user authentication executed by the userauthentication server 2.

The confirmation can be executed using, for example, a one-time token. Aone-time token is a random value with a sufficient length that can beused only once after issuance thereof. More specifically, the userauthentication server 2 sends a one-time token to the CE device 9together with the result of the user authentication. At this time, theuser authentication server 2 stores the result of the userauthentication and the one-time token in combination with one another.

Then, the CE device 9 sends the one-time token to the deviceregistration server 5 together with the result of the userauthentication. The device registration server 5 requests that the userauthentication server 2 confirm the result of the user authenticationusing the one-time token.

The user authentication server 2 can confirm that the result of the userauthentication received by the device registration server 5 is a resultof the user authentication executed by the user authentication server 2by comparing the one-time token received from the device registrationserver 5 with the combination of the result of the user authenticationand the one-time token stored earlier.

After confirming the result of the user authentication as describedabove, in step S92, the user authentication server 2 sends a result ofthe confirmation and user information to the device registration server5.

Upon receiving these pieces of information from the user authenticationserver 2, the device registration server 5 confirms that the result ofthe user authentication received from the CE device 9 is correct, andstores the user information.

Then, in step S74, the device registration server 5 sends a deviceauthentication request to the CE device 9.

Then, in step S58, the CE device 9 sends a device ID and deviceauthentication information to the device registration server 5.

In step S76, the device registration server 5 receives the device ID andthe device authentication information from the CE device 9, and sendsthe device ID and the device authentication information to the deviceauthentication server 3.

In step S100, the device authentication server 3 receives the device IDand the device authentication information from the device registrationserver 5, executes device authentication, and sends the result of thedevice authentication to the device registration server 5. It is assumedherein that the device authentication succeeds.

In step S78, the device registration server 5 redirects and sends theresult of the device authentication received from the deviceauthentication server 3 to the user authentication server 2. At thistime, the device registration server 5 also sends information foridentifying the CE device 9, such as the device ID, to the userauthentication server 2.

The user authentication server 2 stores information relating to the usersuch as a user ID, the device ID, and device information in associationwith each other. In step S94, the user authentication server 2 sendsdevice information of the CE device 9 that has passed deviceauthentication to the device registration server 5.

In step S80, the device registration server 5 receives the deviceinformation, and stores the device information in association with theuser information stored earlier.

Then, in step S82, the device registration server 5 sends a notificationof completion of registration to the CE device 9.

In step S60, the CE device 9 receives the notification of completion ofregistration from the device registration server 5, and presents thenotification to the user.

The device registration process is completed by the procedure describedabove.

In this modification, the user authentication server 2 stores deviceinformation and provides the device information to the deviceregistration server 5. However, similarly to the preferred embodimentdescribed above, the device authentication server 3 may store deviceinformation and provide the device information to the deviceregistration server 5.

According to the first modification described above, a user and the CEdevice 9 can be associated with each other at the device registrationserver 5 without passing information for user authentication to thedevice registration server 5.

Second Modification

In a second modification, prepayment information of a user is furtherassociated with the user and the CE device 9. Prepayment is a method ofsettlement, and it is a system in which a user deposits money in advancein a prepayment account and the charge for the use of a service issettled by subtracting it from the money deposited.

The prepayment system is used when using a fee-based service, forexample, by presenting information identifying a user's prepaymentaccount, such as a prepayment ID. More specifically, when using such aservice, a user enters a prepayment ID to the CE device 9, or causes thereader/writer of the CE device 9 to read a contactless IC card storing aprepayment ID.

In the second modification, the prepayment information of the user isassociated with the user information and the device information so thata fee-based service can be used without entering a prepayment ID afterexecuting device authentication of the CE device 9.

FIG. 8 is a diagram showing an example configuration of a deviceregistration system 1 a according to the second modification. Componentscorresponding to those in the preferred embodiment described above aredesignated by the same numerals, and descriptions thereof will beomitted.

A service providing server 5 a uses the same procedure as in thepreferred embodiment to associate user information with deviceinformation.

The service providing server 5 a is capable of associating a user withthe CE device 9 in a manner similar to the device registration server 5in the preferred embodiment, and is also capable of providing variousservices to the CE device 9.

The service providing server 5 a associates a user with the CE device 9in a manner similar to the device registration server 5. Furthermore,the service providing server 5 a obtains prepayment information from auser authentication server 2 a together with user information, andassociates the prepayment information with the user information. Thatis, the service providing server 5 a obtains settlement information.

The prepayment information is information identifying a prepaymentaccount of a user, provided in a prepayment-information managementserver 4.

When providing a fee-based service to the CE device 9, the serviceproviding server 5 a sends service charge information and prepaymentinformation to the prepayment-information management server 4 to requestpayment of the service charge.

Upon receiving the bill of the service charge from the service providingserver 5 a, the prepayment-information management server 4 identifies aprepayment account of the user based on the prepayment information, andsubtracts the service charge.

As described above, the user can use prepayment information forsettlement, so that the prepayment information serves as settlementinformation in this modification.

FIG. 9A is a diagram showing an example of a user authentication tablestored in the user authentication server 2 a. In addition to theinformation in the user authentication table described in relation tothe preferred embodiment, prepayment information of the user is alsoassociated therewith.

When sending user information to the service providing server 5 a afteruser authentication, the user authentication server 2 a also sendsprepayment information of the user.

FIG. 9B is a diagram showing an example of the logical structure of aprepayment information database managed by the prepayment-informationmanagement server 4.

As shown in FIG. 9B, in the prepayment information database, prepaymentinformation, log data, and the like are associated with each other, anda prepayment account is provided for each user. The prepaymentinformation includes information needed for managing the prepaymentaccount of the user. A prepayment account can be identified based on theprepayment information. The log data includes records of deposits to andpayments from the prepayment account. The current balance of theprepayment account can be determined from the log data. A sum is addedfor depositing, and a sum is subtracted for settlement.

FIG. 9C is a diagram showing an example structure of a service usertable stored in the service providing server 5 a.

As shown in FIG. 9C, user information, prepayment information, deviceinformation, and registered services are associated with each other inthe table. More specifically, the service providing server 5 a storesuser information and prepayment information received from the userauthentication server 2 a and device information received from thedevice authentication server 3 such that these pieces of information areassociated with each other.

Furthermore, in the second modification, a service that can be used maybe set for each CE device 9. For example, the CE device 9 that isidentified by device information 1 can receive a service A and a serviceB.

The user can select services to use when registering the CE device 9.After registration, user information, prepayment information, andservices selected are displayed on the CE device 9, and the user canconfirm the information.

As described above, according to the second modification, the user canset services that can be used by the CE device 9, and can register aprepayment account for settling service charges.

Third Modification

FIG. 10 is a diagram showing the configuration of a device registrationsystem 1 b according to a third modification.

In this modification, a service providing server 5 b associates a userwith the CE device 9 and further with settlement information. Thesettlement information is information needed for settling a fee chargedto the user, such as a credit card number or an account number of a bankaccount from which the fee is to be subtracted. The settlementinformation in this modification may be the prepayment informationdescribed in relation to the second modification.

Components corresponding to those in the preferred embodiment describeabove are designated by the same numerals, and descriptions thereof willbe omitted. Furthermore, the service providing server 5 b uses the sameprocedure as in the preferred embodiment to associate user informationwith device information.

A user authentication server 2 b stores settlement information of theuser, and sends the settlement information to the service providingserver 5 b together with user information.

The service providing server 5 b stores the user information and thesettlement information received from the user authentication server 2 band device information received from the device authentication server 3in association with each other, so that the settlement informationobtained can be used for settlement.

When the user sends a request for a fee-based service from the CE device9 to the service providing server 5 b, the service providing server 5 bprovides the service and settles the service charge using the settlementinformation associated with the CE device 9.

FIG. 11A is a diagram showing an example of a user authentication tablestored in the user authentication server 2 a. As shown in FIG. 11A, inaddition to the information in the user authentication table describedin relation to the preferred embodiment, settlement information of theuser is also associated therewith.

When sending user information to the service providing server 5 b afteruser authentication, the user authentication server 2 b also sends thesettlement information.

FIG. 11B is a diagram showing an example of a service user table storedin the service providing server 5 b.

As shown in FIG. 11B, user information, settlement information, deviceinformation, and registered services are associated with each other inthe table. More specifically, the service providing server 5 b storesuser information and settlement information received from the userauthentication server 2 b and device information received from thedevice authentication server 3 such that these pieces of information areassociated with each other.

Furthermore, in the third modification, services that can be used may beset for each CE device 9.

In the third modification described above, when the user uses afee-based service of the service providing server 5 b using the CEdevice 9, the service charge is automatically settled according to thesettlement information associated with the CE device 9.

Fourth Modification

In this modification, a device that is capable of communicating with theCE device 9, such as a remote controller of the CE device 9, isregistered via the CE device 9.

By executing device registration via the CE device 9, deviceregistration is allowed even when the device itself is not capable ofconnecting to the device registration server 5.

As an example, a case where a remote controller of the CE device 9 isregistered using the device registration system 1 will be described. Itis assumed herein that the remote controller is capable of communicatingwith the IC card 7.

First, the CE device 9 sends a request for device registration to thedevice registration server 5.

Then, the IC card 7 is set to the remote controller and a password isentered from the remote controller, and the card ID and the password aresent to the CE device 9.

The subsequent processing is the same as in the case of deviceregistration of the CE device 9, whereby the remote controller isregistered in the device registration server 5.

As described above, device registration of a device that is not capableof communication via a network is allowed via the CE device 9.

Although the preferred embodiment and the modifications thereof havebeen described mainly in the context of device registration, the presentinvention may be applied, for example, to updating the registration ofthe CE device 9. Thus, for example, when a device is registered at apublic place or the like, such as when changing the model of a cellularphone or other communication device used for services, a device can beregistered and registration can be updated quickly without allowing athird party to see personal information or user authenticationinformation being entered.

Although the invention herein has been described with reference toparticular embodiments, it is to be understood that these embodimentsare merely illustrative of the principles and applications of thepresent invention. It is therefore to be understood that numerousmodifications may be made to the illustrative embodiments and that otherarrangements may be devised without departing from the spirit and scopeof the present invention as defined by the appended claims.

1. A device registration system, comprising: a terminal device storingdevice authentication information; and a device registration unit; theterminal device including: an obtaining unit operable to obtaininformation for identifying a user from an IC card; a confirming unitoperable to obtain information confirming that the user is a registereduser based on the user identification information; and a sending unitoperable to send the confirmation information and the stored deviceauthentication information to the device registration unit whilemaintaining a logical connection with the device registration unit; thedevice registration unit including: a user confirmation unit operable toreceive the confirmation information from the terminal device and toconfirm that the user is a registered user based on the confirmationinformation; an obtaining unit operable to obtain a result ofauthentication of the terminal device based on the device authenticationinformation received from the terminal device; and a storage unitoperable to store information that is unique to the user and informationthat is unique to the terminal device in association with each otherwhen the user has been confirmed as a registered user and the terminaldevice has been authenticated.
 2. A device registration server,comprising: an information receiving unit operable to receive userconfirmation information and device authentication information from aterminal device while maintaining a logical connection with the terminaldevice, the user confirmation information being usable to confirm that auser is a registered user, and the device authentication informationbeing usable to authenticate the terminal device; a user confirmationunit operable to confirm that the user is a registered user based on thereceived user confirmation information; a device-authentication-resultobtaining unit operable to obtain a result of authentication of theterminal device based on the received device authentication information;and a storage unit operable to store information of the user andinformation of the terminal device in association with each other whenthe user has been confirmed as a registered user and the terminal devicehas been authenticated.
 3. A device registration server according toclaim 2, wherein the user confirmation information includes useridentification information and password information, the deviceregistration server further comprising: a user-authentication requestingunit operable to request user authentication from a user authenticationunit based on the user identification information and the passwordinformation, and to obtain a result of the user authentication from theuser authentication unit, wherein the user confirmation unit confirmsthat the user is a registered user based on the result of the userauthentication.
 4. A device registration server according to claim 2,wherein the user confirmation information is a result of authenticationof the user, and the user confirmation unit confirms that the user is aregistered user by confirming that the result of the user authenticationis correct.
 5. A device registration server according to claim 2,further comprising: a service providing unit operable to provide aservice to the terminal device whose information has been stored by thestorage unit; and a settlement-information obtaining unit operable toobtain settlement information set in advance for the user; wherein thestorage unit is operable to store information that is unique to theuser, information that is unique to the device, and the obtainedsettlement information in association with each other, and the storedsettlement information is usable to settle a service charge for theprovided service.
 6. A device registration method, comprising: receivinguser confirmation information and device authentication information froma terminal device while maintaining a logical connection with theterminal device, the user confirmation information being usable toconfirm that a user is a registered user, and the device authenticationinformation being usable to authenticate the terminal device; confirmingthat the user is a registered user based on the received userconfirmation information; obtaining a result of an authenticationprocedure for the terminal device, the authentication procedure beingbased on the received device authentication information; and storinginformation of the user and information of the terminal device inassociation with each other when the user has been confirmed as aregistered user and the terminal device has been authenticated.
 7. Adevice registration method according to claim 6, wherein the userconfirmation information includes user identification information andpassword information, and the confirming step includes: requesting userauthentication based on the user identification information and thepassword information; obtaining a result of the user authentication; andconfirming that the user is a registered user based on the result of theuser authentication.
 8. A device registration method according to claim6, wherein the user confirmation information is a result ofauthentication of the user, and the confirming step includes confirmingthat the user is a registered user by confirming that the result of theuser authentication is correct.
 9. A device registration methodaccording to claim 6, further comprising: providing a service to theterminal device whose information has been stored in the storing step;and obtaining settlement information set in advance for the user;wherein the storing step stores information that is unique to the user,information that is unique to the terminal device, and the obtainedsettlement information in association with each other, and the storedsettlement information is usable to settle a service charge for theprovided service.
 10. A recording medium recorded with instructions forcausing a computer to execute a device registration method, the deviceregistration method comprising: receiving user confirmation informationand device authentication information from a terminal device whilemaintaining a logical connection with the terminal device, the userconfirmation information being usable to confirm that a user is aregistered user, and the device authentication information being usableto authenticate the terminal device; confirming that the user is aregistered user based on the received user confirmation information;obtaining a result of an authentication procedure for the terminaldevice, the authentication procedure being based on the received deviceauthentication information; and storing information of the user andinformation of the terminal device in association with each other whenthe user has been confirmed as a registered user and the terminal devicehas been authenticated.
 11. A recording medium according to claim 10,wherein the user confirmation information includes user identificationinformation and password information, and the confirming step includes:requesting user authentication based on the user identificationinformation and the password information; obtaining a result of the userauthentication; and confirming that the user is a registered user basedon the result of the user authentication.
 12. A recording mediumaccording to claim 10, wherein the user confirmation information is aresult of authentication of the user, and the confirming step includes:confirming that the user is a registered user by confirming that theresult of the user authentication is correct.
 13. A recording mediumaccording to claim 10, wherein the device registration method furthercomprises: providing a service to the terminal device whose informationhas been stored in the storing step; and obtaining settlementinformation set in advance for the user; wherein the storing step storesinformation that is unique to the user, information that is unique tothe device, and the obtained settlement information in association witheach other, and the stored settlement information is usable to settle aservice charge for the provided service.
 14. A system for performingdevice registration, the system comprising: a processor operable toexecute instructions; and instructions for performing a deviceregistration method, the method including: receiving user confirmationinformation and device authentication information from a terminal devicewhile maintaining a logical connection with the terminal device, theuser confirmation information being usable to confirm that a user is aregistered user, and the device authentication information being usableto authenticate the terminal device; confirming that the user is aregistered user based on the received user confirmation information;obtaining a result of an authentication procedure for the terminaldevice based on the received device authentication information; andstoring information of the user and information of the terminal devicein association with each other when the user has been confirmed as aregistered user and the terminal device has been authenticated.
 15. Aterminal device storing device authentication information, the terminaldevice comprising: a user-identification-information obtaining unitoperable to obtain information for identifying a user from an IC card; auser-confirmation-information obtaining unit operable to obtaininformation for confirming that the user is a registered user based onthe user identification information; and an information sending unitoperable to send the confirmation information and the stored deviceauthentication information to a device registration unit for storinginformation that is unique to the terminal device and information thatis unique to the user in association with each other while maintaining alogical connection with the device registration unit.
 16. A terminaldevice according to claim 15, further comprising: a password-informationobtaining unit operable to obtain password information, wherein theconfirmation information is composed using the user identificationinformation and the password information.
 17. A terminal deviceaccording to claim 15, further comprising: a password-informationobtaining unit operable to obtain password information; and auser-authentication-result obtaining unit operable to request userauthentication from a user authentication unit based on the useridentification information and the password information, and to obtain aresult of the user authentication from the user authentication unit;wherein the obtained confirmation information includes the result of theuser authentication.
 18. A device registration method, comprising:obtaining information for identifying a user from an IC card; obtaininginformation for confirming that the user is a registered user based onthe user identification information; and sending the confirmationinformation and stored device authentication information to a deviceregistration unit for storing information that is unique to the terminaldevice and information that is unique to the user in association witheach other while maintaining a logical connection with the deviceregistration unit.
 19. A device registration method according to claim18, further comprising: obtaining password information, wherein theobtained confirmation information is composed using the useridentification information and the password information.
 20. A deviceregistration method according to claim 18, further comprising: obtainingpassword information; requesting user authentication from a userauthentication unit based on the user identification information and thepassword information; and obtaining a result of the user authenticationfrom the user authentication unit; wherein the obtained confirmationinformation includes the result of the user authentication.
 21. Arecording medium recorded with instructions for causing a computer toexecute a device registration method, the device registration methodcomprising: obtaining information for identifying a user from an ICcard; obtaining information for confirming that the user is a registereduser based on the user identification information; and sending theconfirmation information and stored device authentication information toa device registration unit for storing information that is unique to theterminal device and information that is unique to the user inassociation with each other while maintaining a logical connection withthe device registration unit.
 22. A recording medium according to claim21, wherein the device registration method further comprises: obtainingpassword information, wherein the obtained confirmation information iscomposed using the user identification information and the passwordinformation.
 23. A recording medium according to claim 21, wherein thedevice registration method further comprises: obtaining passwordinformation; requesting user authentication from a user authenticationunit based on the user identification information and the passwordinformation; and obtaining a result of the user authentication from theuser authentication unit; wherein the obtained confirmation informationincludes the result of the user authentication.
 24. A system forperforming device registration, the system comprising: a processoroperable to execute instructions; and instructions for performing adevice registration method, the method including: obtaining informationfor identifying a user from an IC card; obtaining information forconfirming that the user is a registered user based on the useridentification information; and sending the confirmation information andstored device authentication information to a device registration unitfor storing information that is unique to the terminal device andinformation that is unique to the user in association with each otherwhile maintaining a logical connection with the device registrationunit.